From f6d9722b225951742be368bada6ac55cdd975ddf Mon Sep 17 00:00:00 2001 From: Harsh Pandey Date: Mon, 5 Feb 2024 19:50:56 +0530 Subject: [PATCH 1/4] feat: aip text --- ...troactiveBugBountyPreImmunefi_20240205.sol | 16 +++++ ...oactiveBugBountyPreImmunefi_20240205.t.sol | 32 ++++++++++ .../RetroactiveBugBountyPreImmunefi.md | 39 +++++++++++++ ...oactiveBugBountyPreImmunefi_20240205.s.sol | 58 +++++++++++++++++++ .../config.ts | 15 +++++ 5 files changed, 160 insertions(+) create mode 100644 src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol create mode 100644 src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol create mode 100644 src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md create mode 100644 src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi_20240205.s.sol create mode 100644 src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/config.ts diff --git a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol new file mode 100644 index 000000000..5ae6e595e --- /dev/null +++ b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.0; + +import {IProposalGenericExecutor} from 'aave-helpers/interfaces/IProposalGenericExecutor.sol'; + +/** + * @title Retroactive Bug Bounty Pre-Immunefi + * @author BGD Labs @bgdlabs + * - Snapshot: https://snapshot.org/#/aave.eth/proposal/0xb707cff629af03eeaa44bbbb7e38def2907a53791eb16d472dac1d45fb5ec26b + * - Discussion: https://governance.aave.com/t/bgd-retroactive-bug-bounties-proposal-pre-immunefi/15989 + */ +contract AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205 is IProposalGenericExecutor { + function execute() external { + // custom code goes here + } +} diff --git a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol new file mode 100644 index 000000000..7905bd2c1 --- /dev/null +++ b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol @@ -0,0 +1,32 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.0; + +import {AaveV3Ethereum} from 'aave-address-book/AaveV3Ethereum.sol'; + +import 'forge-std/Test.sol'; +import {ProtocolV3TestBase, ReserveConfig} from 'aave-helpers/ProtocolV3TestBase.sol'; +import {AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205} from './AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol'; + +/** + * @dev Test for AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205 + * command: make test-contract filter=AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205 + */ +contract AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205_Test is ProtocolV3TestBase { + AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205 internal proposal; + + function setUp() public { + vm.createSelectFork(vm.rpcUrl('mainnet'), 19162484); + proposal = new AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205(); + } + + /** + * @dev executes the generic test suite including e2e and config snapshots + */ + function test_defaultProposalExecution() public { + defaultTest( + 'AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205', + AaveV3Ethereum.POOL, + address(proposal) + ); + } +} diff --git a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md new file mode 100644 index 000000000..7fdbb8795 --- /dev/null +++ b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md @@ -0,0 +1,39 @@ +--- +title: "Retroactive Bug Bounty Pre-Immunefi" +author: "BGD Labs @bgdlabs" +discussions: "https://governance.aave.com/t/bgd-retroactive-bug-bounties-proposal-pre-immunefi/15989" +snapshot: "https://snapshot.org/#/aave.eth/proposal/0xb707cff629af03eeaa44bbbb7e38def2907a53791eb16d472dac1d45fb5ec26b" +--- + +## Simple Summary + +Proposal to release a grand total of 86’500 USDC, for bounties pending from before the setup of the Aave <> Immunefi official bug bounty program + +## Motivation + +Before the setup of the Aave <> Immunefi bug bounty program on [September 25th 2023](https://governance-v2.aave.com/governance/proposal/325/), security reports by white hats were evaluated in an ad-hoc basis. + +Currently, every report is being processed via Immunefi and the rules of the Aave program, however, there were other reports submitted via other channel before that. As these reports should be evaluated at time of submission for fairness, and outside of the Immunefi scope defined afterwards, we think it is a good idea to reward them separately and retro-actively outside the program. + +In one of the cases, we had recommended the white hat to submit the report via Immunefi, in order to have access to the mediation procedure of the platform. As this mediation process was finally requested by the white hat, Immunefi charges the corresponding fee of 10% of the amount. + +## Specification + +This proposal, will release the following funds to white-hat addresses and the Immunefi platform, from the Aave Ethereum Collector: + +- $65’000 to `0xFa760444A229e78A50Ca9b3779f4ce4CcE10E170`. + +- $25’000 to `0x7dF98A6e1895fd247aD4e75B8EDa59889fa7310b`. + +- $6'500 to `0x2BC5fFc5De1a83a9e4cDDfA138bAEd516D70414b` (immunefi.eth). This is the fee corresponding to the 10% of the bounty being paid. + +## References + +- Implementation: [AaveV3Ethereum](https://github.com/bgd-labs/aave-proposals-v3/blob/main/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol) +- Tests: [AaveV3Ethereum](https://github.com/bgd-labs/aave-proposals-v3/blob/main/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol) +- [Snapshot](https://snapshot.org/#/aave.eth/proposal/0xb707cff629af03eeaa44bbbb7e38def2907a53791eb16d472dac1d45fb5ec26b) +- [Discussion](https://governance.aave.com/t/bgd-retroactive-bug-bounties-proposal-pre-immunefi/15989) + +## Copyright + +Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/). diff --git a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi_20240205.s.sol b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi_20240205.s.sol new file mode 100644 index 000000000..f3dbda9c8 --- /dev/null +++ b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi_20240205.s.sol @@ -0,0 +1,58 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.0; + +import {GovV3Helpers, IPayloadsControllerCore, PayloadsControllerUtils} from 'aave-helpers/GovV3Helpers.sol'; +import {EthereumScript} from 'aave-helpers/ScriptUtils.sol'; +import {AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205} from './AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol'; + +/** + * @dev Deploy Ethereum + * deploy-command: make deploy-ledger contract=src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi_20240205.s.sol:DeployEthereum chain=mainnet + * verify-command: npx catapulta-verify -b broadcast/RetroactiveBugBountyPreImmunefi_20240205.s.sol/1/run-latest.json + */ +contract DeployEthereum is EthereumScript { + function run() external broadcast { + // deploy payloads + address payload0 = GovV3Helpers.deployDeterministic( + type(AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205).creationCode + ); + + // compose action + IPayloadsControllerCore.ExecutionAction[] + memory actions = new IPayloadsControllerCore.ExecutionAction[](1); + actions[0] = GovV3Helpers.buildAction(payload0); + + // register action at payloadsController + GovV3Helpers.createPayload(actions); + } +} + +/** + * @dev Create Proposal + * command: make deploy-ledger contract=src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi_20240205.s.sol:CreateProposal chain=mainnet + */ +contract CreateProposal is EthereumScript { + function run() external { + // create payloads + PayloadsControllerUtils.Payload[] memory payloads = new PayloadsControllerUtils.Payload[](1); + + // compose actions for validation + IPayloadsControllerCore.ExecutionAction[] + memory actionsEthereum = new IPayloadsControllerCore.ExecutionAction[](1); + actionsEthereum[0] = GovV3Helpers.buildAction( + type(AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205).creationCode + ); + payloads[0] = GovV3Helpers.buildMainnetPayload(vm, actionsEthereum); + + // create proposal + vm.startBroadcast(); + GovV3Helpers.createProposal( + vm, + payloads, + GovV3Helpers.ipfsHashFile( + vm, + 'src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md' + ) + ); + } +} diff --git a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/config.ts b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/config.ts new file mode 100644 index 000000000..0cb0cf3ba --- /dev/null +++ b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/config.ts @@ -0,0 +1,15 @@ +import {ConfigFile} from '../../generator/types'; +export const config: ConfigFile = { + rootOptions: { + pools: ['AaveV3Ethereum'], + title: 'Retroactive Bug Bounty Pre-Immunefi', + shortName: 'RetroactiveBugBountyPreImmunefi', + date: '20240205', + author: 'BGD Labs @bgdlabs', + discussion: + 'https://governance.aave.com/t/bgd-retroactive-bug-bounties-proposal-pre-immunefi/15989', + snapshot: + 'https://snapshot.org/#/aave.eth/proposal/0xb707cff629af03eeaa44bbbb7e38def2907a53791eb16d472dac1d45fb5ec26b', + }, + poolOptions: {AaveV3Ethereum: {configs: {OTHERS: {}}, cache: {blockNumber: 19162484}}}, +}; From 5e28da73c4a33fee7c5f83403a282ac4d2e7a5ce Mon Sep 17 00:00:00 2001 From: Harsh Pandey Date: Mon, 5 Feb 2024 22:59:21 +0530 Subject: [PATCH 2/4] feat: add payload and tests --- ...tiveBugBountyPreImmunefi_20240205_after.md | 5 +++ ...troactiveBugBountyPreImmunefi_20240205.sol | 37 +++++++++++++++- ...oactiveBugBountyPreImmunefi_20240205.t.sol | 43 +++++++++++++++++-- .../RetroactiveBugBountyPreImmunefi.md | 2 + 4 files changed, 83 insertions(+), 4 deletions(-) create mode 100644 diffs/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205_before_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205_after.md diff --git a/diffs/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205_before_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205_after.md b/diffs/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205_before_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205_after.md new file mode 100644 index 000000000..c15d3e2bc --- /dev/null +++ b/diffs/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205_before_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205_after.md @@ -0,0 +1,5 @@ +## Raw diff + +```json +{} +``` \ No newline at end of file diff --git a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol index 5ae6e595e..23a2eab70 100644 --- a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol +++ b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol @@ -1,6 +1,7 @@ // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; +import {AaveV3Ethereum, AaveV3EthereumAssets} from 'aave-address-book/AaveV3Ethereum.sol'; import {IProposalGenericExecutor} from 'aave-helpers/interfaces/IProposalGenericExecutor.sol'; /** @@ -10,7 +11,41 @@ import {IProposalGenericExecutor} from 'aave-helpers/interfaces/IProposalGeneric * - Discussion: https://governance.aave.com/t/bgd-retroactive-bug-bounties-proposal-pre-immunefi/15989 */ contract AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205 is IProposalGenericExecutor { + // Used for both bounties and Immunefi fees + struct Bounty { + address asset; + address recipient; + uint256 amount; + } + function execute() external { - // custom code goes here + Bounty[3] memory bounties = getBounties(); + for (uint256 i = 0; i < bounties.length; i++) { + AaveV3Ethereum.COLLECTOR.transfer( + bounties[i].asset, + bounties[i].recipient, + bounties[i].amount + ); + } + } + + function getBounties() public pure returns (Bounty[3] memory) { + return [ + Bounty({ + asset: AaveV3EthereumAssets.USDC_A_TOKEN, + recipient: 0xFa760444A229e78A50Ca9b3779f4ce4CcE10E170, + amount: 65_000e6 + }), + Bounty({ + asset: AaveV3EthereumAssets.USDC_A_TOKEN, + recipient: 0x7dF98A6e1895fd247aD4e75B8EDa59889fa7310b, + amount: 25_000e6 + }), + Bounty({ + asset: AaveV3EthereumAssets.USDC_A_TOKEN, + recipient: 0x2BC5fFc5De1a83a9e4cDDfA138bAEd516D70414b, + amount: 6_500e6 + }) + ]; } } diff --git a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol index 7905bd2c1..804c25bff 100644 --- a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol +++ b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol @@ -1,10 +1,10 @@ // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; -import {AaveV3Ethereum} from 'aave-address-book/AaveV3Ethereum.sol'; +import {AaveV3Ethereum, AaveV3EthereumAssets} from 'aave-address-book/AaveV3Ethereum.sol'; -import 'forge-std/Test.sol'; -import {ProtocolV3TestBase, ReserveConfig} from 'aave-helpers/ProtocolV3TestBase.sol'; +import {ProtocolV3TestBase} from 'aave-helpers/ProtocolV3TestBase.sol'; +import {IERC20} from 'solidity-utils/contracts/oz-common/interfaces/IERC20.sol'; import {AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205} from './AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol'; /** @@ -29,4 +29,41 @@ contract AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205_Test is Protoco address(proposal) ); } + + function test_consistentBalances() public { + AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.Bounty[3] memory bounties = proposal + .getBounties(); + + uint256 TOTAL_AMOUNT = 96_500e6; + + uint256[] memory balancesRecipientsBefore = new uint256[](3); + uint256 balanceCollectorBefore = IERC20(AaveV3EthereumAssets.USDC_A_TOKEN).balanceOf( + address(AaveV3Ethereum.COLLECTOR) + ); + + // Validate the Collector has enough aUSDC v3 + assertGe(balanceCollectorBefore, TOTAL_AMOUNT); + + for (uint256 i = 0; i < bounties.length; i++) { + balancesRecipientsBefore[i] = IERC20(AaveV3EthereumAssets.USDC_A_TOKEN).balanceOf( + bounties[i].recipient + ); + } + + executePayload(vm, address(proposal)); + + for (uint256 i = 0; i < bounties.length; i++) { + assertApproxEqAbs( + IERC20(AaveV3EthereumAssets.USDC_A_TOKEN).balanceOf(bounties[i].recipient), + balancesRecipientsBefore[i] + bounties[i].amount, + 1 + ); + } + + uint256 balanceCollectorAfter = IERC20(AaveV3EthereumAssets.USDC_A_TOKEN).balanceOf( + address(AaveV3Ethereum.COLLECTOR) + ); + // Checking worst case scenario of 3 wei imprecision, but probabilistically pretty rare + assertApproxEqAbs(balanceCollectorAfter, balanceCollectorBefore - TOTAL_AMOUNT, 3); + } } diff --git a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md index 7fdbb8795..d4954cdb7 100644 --- a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md +++ b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md @@ -27,6 +27,8 @@ This proposal, will release the following funds to white-hat addresses and the I - $6'500 to `0x2BC5fFc5De1a83a9e4cDDfA138bAEd516D70414b` (immunefi.eth). This is the fee corresponding to the 10% of the bounty being paid. +_Note: The asset used for the transfers is aUSDC v3 Ethereum_. + ## References - Implementation: [AaveV3Ethereum](https://github.com/bgd-labs/aave-proposals-v3/blob/main/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol) From 3b9efd412837d97432500f2d2cb2f99dd9ba6008 Mon Sep 17 00:00:00 2001 From: Harsh Pandey Date: Tue, 6 Feb 2024 11:17:21 +0530 Subject: [PATCH 3/4] fix: typo --- .../RetroactiveBugBountyPreImmunefi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md index d4954cdb7..bde9e1d8a 100644 --- a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md +++ b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md @@ -7,7 +7,7 @@ snapshot: "https://snapshot.org/#/aave.eth/proposal/0xb707cff629af03eeaa44bbbb7e ## Simple Summary -Proposal to release a grand total of 86’500 USDC, for bounties pending from before the setup of the Aave <> Immunefi official bug bounty program +Proposal to release a grand total of 96’500 USDC, for bounties pending from before the setup of the Aave <> Immunefi official bug bounty program. ## Motivation From dee60678aad4c125a2b0484adc694fb8de51c69b Mon Sep 17 00:00:00 2001 From: Harsh Pandey Date: Tue, 6 Feb 2024 13:21:59 +0530 Subject: [PATCH 4/4] fix: funding token --- ...RetroactiveBugBountyPreImmunefi_20240205.sol | 12 ++++++------ ...troactiveBugBountyPreImmunefi_20240205.t.sol | 17 +++++++++-------- .../RetroactiveBugBountyPreImmunefi.md | 6 +++--- 3 files changed, 18 insertions(+), 17 deletions(-) diff --git a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol index 23a2eab70..5096d36d2 100644 --- a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol +++ b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol @@ -1,7 +1,7 @@ // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; -import {AaveV3Ethereum, AaveV3EthereumAssets} from 'aave-address-book/AaveV3Ethereum.sol'; +import {AaveV2Ethereum, AaveV2EthereumAssets} from 'aave-address-book/AaveV2Ethereum.sol'; import {IProposalGenericExecutor} from 'aave-helpers/interfaces/IProposalGenericExecutor.sol'; /** @@ -21,7 +21,7 @@ contract AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205 is IProposalGen function execute() external { Bounty[3] memory bounties = getBounties(); for (uint256 i = 0; i < bounties.length; i++) { - AaveV3Ethereum.COLLECTOR.transfer( + AaveV2Ethereum.COLLECTOR.transfer( bounties[i].asset, bounties[i].recipient, bounties[i].amount @@ -32,17 +32,17 @@ contract AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205 is IProposalGen function getBounties() public pure returns (Bounty[3] memory) { return [ Bounty({ - asset: AaveV3EthereumAssets.USDC_A_TOKEN, + asset: AaveV2EthereumAssets.USDC_A_TOKEN, recipient: 0xFa760444A229e78A50Ca9b3779f4ce4CcE10E170, amount: 65_000e6 }), Bounty({ - asset: AaveV3EthereumAssets.USDC_A_TOKEN, + asset: AaveV2EthereumAssets.USDC_A_TOKEN, recipient: 0x7dF98A6e1895fd247aD4e75B8EDa59889fa7310b, - amount: 25_000e6 + amount: 15_000e6 }), Bounty({ - asset: AaveV3EthereumAssets.USDC_A_TOKEN, + asset: AaveV2EthereumAssets.USDC_A_TOKEN, recipient: 0x2BC5fFc5De1a83a9e4cDDfA138bAEd516D70414b, amount: 6_500e6 }) diff --git a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol index 804c25bff..9d94cdbbe 100644 --- a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol +++ b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol @@ -1,7 +1,8 @@ // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; -import {AaveV3Ethereum, AaveV3EthereumAssets} from 'aave-address-book/AaveV3Ethereum.sol'; +import {AaveV3Ethereum} from 'aave-address-book/AaveV3Ethereum.sol'; +import {AaveV2Ethereum, AaveV2EthereumAssets} from 'aave-address-book/AaveV2Ethereum.sol'; import {ProtocolV3TestBase} from 'aave-helpers/ProtocolV3TestBase.sol'; import {IERC20} from 'solidity-utils/contracts/oz-common/interfaces/IERC20.sol'; @@ -34,18 +35,18 @@ contract AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205_Test is Protoco AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.Bounty[3] memory bounties = proposal .getBounties(); - uint256 TOTAL_AMOUNT = 96_500e6; + uint256 TOTAL_AMOUNT = 86_500e6; uint256[] memory balancesRecipientsBefore = new uint256[](3); - uint256 balanceCollectorBefore = IERC20(AaveV3EthereumAssets.USDC_A_TOKEN).balanceOf( - address(AaveV3Ethereum.COLLECTOR) + uint256 balanceCollectorBefore = IERC20(AaveV2EthereumAssets.USDC_A_TOKEN).balanceOf( + address(AaveV2Ethereum.COLLECTOR) ); // Validate the Collector has enough aUSDC v3 assertGe(balanceCollectorBefore, TOTAL_AMOUNT); for (uint256 i = 0; i < bounties.length; i++) { - balancesRecipientsBefore[i] = IERC20(AaveV3EthereumAssets.USDC_A_TOKEN).balanceOf( + balancesRecipientsBefore[i] = IERC20(AaveV2EthereumAssets.USDC_A_TOKEN).balanceOf( bounties[i].recipient ); } @@ -54,14 +55,14 @@ contract AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205_Test is Protoco for (uint256 i = 0; i < bounties.length; i++) { assertApproxEqAbs( - IERC20(AaveV3EthereumAssets.USDC_A_TOKEN).balanceOf(bounties[i].recipient), + IERC20(AaveV2EthereumAssets.USDC_A_TOKEN).balanceOf(bounties[i].recipient), balancesRecipientsBefore[i] + bounties[i].amount, 1 ); } - uint256 balanceCollectorAfter = IERC20(AaveV3EthereumAssets.USDC_A_TOKEN).balanceOf( - address(AaveV3Ethereum.COLLECTOR) + uint256 balanceCollectorAfter = IERC20(AaveV2EthereumAssets.USDC_A_TOKEN).balanceOf( + address(AaveV2Ethereum.COLLECTOR) ); // Checking worst case scenario of 3 wei imprecision, but probabilistically pretty rare assertApproxEqAbs(balanceCollectorAfter, balanceCollectorBefore - TOTAL_AMOUNT, 3); diff --git a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md index bde9e1d8a..492a08344 100644 --- a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md +++ b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md @@ -7,7 +7,7 @@ snapshot: "https://snapshot.org/#/aave.eth/proposal/0xb707cff629af03eeaa44bbbb7e ## Simple Summary -Proposal to release a grand total of 96’500 USDC, for bounties pending from before the setup of the Aave <> Immunefi official bug bounty program. +Proposal to release a grand total of 86’500 USDC, for bounties pending from before the setup of the Aave <> Immunefi official bug bounty program. ## Motivation @@ -23,11 +23,11 @@ This proposal, will release the following funds to white-hat addresses and the I - $65’000 to `0xFa760444A229e78A50Ca9b3779f4ce4CcE10E170`. -- $25’000 to `0x7dF98A6e1895fd247aD4e75B8EDa59889fa7310b`. +- $15’000 to `0x7dF98A6e1895fd247aD4e75B8EDa59889fa7310b`. - $6'500 to `0x2BC5fFc5De1a83a9e4cDDfA138bAEd516D70414b` (immunefi.eth). This is the fee corresponding to the 10% of the bounty being paid. -_Note: The asset used for the transfers is aUSDC v3 Ethereum_. +_Note: After checking with a financial contributor to the DAO (TokenLogic & Karpatkey), the asset used for the transfers is aUSDC v2 Ethereum_ ## References